use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.
the class ProjectMessageSummarizerTest method groupedConcernCountTest.
/**
 * Checks that vulnerability concerns sharing a severity and operation are reported as one
 * counted detail rather than one detail per concern.
 *
 * <p>Input: three ADD concerns at CRITICAL and one DELETE concern at MINOR_MEDIUM, all on a
 * single BOM component. The summary is expected to hold four details in total; the CRITICAL
 * "added" detail must carry the value 3 and the MINOR_MEDIUM "deleted" detail the value 1.
 *
 * <p>The ids ("CVE-123", ...) and the URL are constructed sample values, not real advisories.
 */
@Test
public void groupedConcernCountTest() {
    final String sampleUrl = "https://vuln-rul";

    ComponentConcern addedCriticalA = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.CRITICAL, sampleUrl);
    ComponentConcern addedCriticalB = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-456", ComponentConcernSeverity.CRITICAL, sampleUrl);
    ComponentConcern addedCriticalC = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-789", ComponentConcernSeverity.CRITICAL, sampleUrl);
    ComponentConcern deletedMedium = ComponentConcern.vulnerability(ItemOperation.DELETE, "CVE-246", ComponentConcernSeverity.MINOR_MEDIUM, sampleUrl);

    // One component carrying all four concerns, wrapped the way the summarizer receives it.
    BomComponentDetails component = createBomComponentDetails(List.of(addedCriticalA, addedCriticalB, addedCriticalC, deletedMedium));
    ProjectMessage message = ProjectMessage.componentConcern(providerDetails, commonProject, commonProjectVersion, List.of(component));
    ProcessedProviderMessage<ProjectMessage> input = new ProcessedProviderMessage<>(Set.of(1L), message);

    SimpleMessage summary = projectMessageSummarizer.summarize(input).getProviderMessage();
    printSimpleMessage(summary);

    testProjectStatus(summary);
    testComponentStatus(summary);

    assertEquals(4, summary.getDetails().size());

    // The three CRITICAL additions must collapse into a single detail whose value is the count.
    Integer addedCount = Integer.valueOf(
        getDetailValue(summary.getDetails(), addedCriticalA.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_ADDED));
    assertEquals(3, addedCount);

    Integer deletedCount = Integer.valueOf(
        getDetailValue(summary.getDetails(), deletedMedium.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_DELETED));
    assertEquals(1, deletedCount);
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.
the class ProjectMessageSummarizerTest method summarizeComponentConcernTest.
/**
 * Checks that a mix of policy and vulnerability concerns yields one labelled detail per
 * concern kind, severity and operation.
 *
 * <p>Input: one severe-policy concern (ADD) plus three vulnerability concerns, one each for
 * ADD, UPDATE and DELETE, at different severities. The summary is expected to hold six details,
 * to contain a label for each of the four concerns, and to mention "problems" in its description.
 *
 * <p>The ids ("CVE-123", ...) and URLs are constructed sample values, not real advisories.
 */
@Test
public void summarizeComponentConcernTest() {
    final String sampleVulnerabilityUrl = "https://vuln-rul";

    ComponentConcern violatedPolicy = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.TRIVIAL_LOW, "https://severe-policy");
    ComponentConcern addedVulnerability = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.CRITICAL, sampleVulnerabilityUrl);
    ComponentConcern updatedVulnerability = ComponentConcern.vulnerability(ItemOperation.UPDATE, "CVE-135", ComponentConcernSeverity.TRIVIAL_LOW, sampleVulnerabilityUrl);
    ComponentConcern deletedVulnerability = ComponentConcern.vulnerability(ItemOperation.DELETE, "CVE-246", ComponentConcernSeverity.MINOR_MEDIUM, sampleVulnerabilityUrl);

    BomComponentDetails component = createBomComponentDetails(List.of(violatedPolicy, addedVulnerability, updatedVulnerability, deletedVulnerability));
    ProjectMessage message = ProjectMessage.componentConcern(providerDetails, commonProject, commonProjectVersion, List.of(component));
    ProcessedProviderMessage<ProjectMessage> input = new ProcessedProviderMessage<>(Set.of(1L), message);

    SimpleMessage summary = projectMessageSummarizer.summarize(input).getProviderMessage();
    printSimpleMessage(summary);

    testProjectStatus(summary);
    testComponentStatus(summary);

    assertEquals(6, summary.getDetails().size());

    // A policy ADD is expected under the "violated" participle, not "added".
    boolean policyLabelled = doesLabelExist(
        summary.getDetails(), violatedPolicy.getSeverity().getPolicyLabel(), "Policies", ProjectMessageSummarizer.OP_PARTICIPLE_VIOLATED);
    assertTrue(policyLabelled);

    boolean addedLabelled = doesLabelExist(
        summary.getDetails(), addedVulnerability.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_ADDED);
    assertTrue(addedLabelled);

    boolean updatedLabelled = doesLabelExist(
        summary.getDetails(), updatedVulnerability.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_UPDATED);
    assertTrue(updatedLabelled);

    boolean deletedLabelled = doesLabelExist(
        summary.getDetails(), deletedVulnerability.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_DELETED);
    assertTrue(deletedLabelled);

    assertTrue(summary.getDescription().contains("problems"));
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.
the class ProjectMessageSummarizerTest method sortedConcernsTest.
/**
 * Checks the ordering of summary details: policies first, then vulnerabilities, each group
 * running from the most severe label to the least.
 *
 * <p>Input: seven severe-policy concerns and six vulnerability concerns, all ADD, supplied in
 * an unsorted severity order. BLOCKER appears twice among the policies, yet only one policy
 * slot per severity is asserted, so same-severity concerns are presumably merged into a single
 * detail.
 *
 * <p>The ids ("CVE-123", ...) and URLs are constructed sample values, not real advisories.
 */
@Test
public void sortedConcernsTest() {
    final String policyName = "A severe policy";
    final String policyUrl = "https://severe-policy";
    final String vulnerabilityUrl = "https://vuln-rul";

    ComponentConcern policyTrivialLow = ComponentConcern.severePolicy(ItemOperation.ADD, policyName, ComponentConcernSeverity.TRIVIAL_LOW, policyUrl);
    ComponentConcern policyBlockerFirst = ComponentConcern.severePolicy(ItemOperation.ADD, policyName, ComponentConcernSeverity.BLOCKER, policyUrl);
    ComponentConcern policyMinorMedium = ComponentConcern.severePolicy(ItemOperation.ADD, policyName, ComponentConcernSeverity.MINOR_MEDIUM, policyUrl);
    ComponentConcern vulnCritical = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.CRITICAL, vulnerabilityUrl);
    ComponentConcern vulnTrivialLow = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-135", ComponentConcernSeverity.TRIVIAL_LOW, vulnerabilityUrl);
    ComponentConcern vulnMinorMedium = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-246", ComponentConcernSeverity.MINOR_MEDIUM, vulnerabilityUrl);
    ComponentConcern policyBlockerSecond = ComponentConcern.severePolicy(ItemOperation.ADD, policyName, ComponentConcernSeverity.BLOCKER, policyUrl);
    ComponentConcern policyMajorHigh = ComponentConcern.severePolicy(ItemOperation.ADD, policyName, ComponentConcernSeverity.MAJOR_HIGH, policyUrl);
    ComponentConcern policyCritical = ComponentConcern.severePolicy(ItemOperation.ADD, policyName, ComponentConcernSeverity.CRITICAL, policyUrl);
    ComponentConcern policyUnknown = ComponentConcern.severePolicy(ItemOperation.ADD, policyName, ComponentConcernSeverity.UNSPECIFIED_UNKNOWN, policyUrl);
    ComponentConcern vulnBlocker = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.BLOCKER, vulnerabilityUrl);
    ComponentConcern vulnUnknown = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.UNSPECIFIED_UNKNOWN, vulnerabilityUrl);
    ComponentConcern vulnMajorHigh = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.MAJOR_HIGH, vulnerabilityUrl);

    // Policies are listed before vulnerabilities, but neither group is in severity order.
    BomComponentDetails component = createBomComponentDetails(List.of(
        policyTrivialLow, policyBlockerFirst, policyMinorMedium, policyBlockerSecond, policyMajorHigh, policyCritical, policyUnknown,
        vulnCritical, vulnTrivialLow, vulnMinorMedium, vulnBlocker, vulnUnknown, vulnMajorHigh));
    ProjectMessage message = ProjectMessage.componentConcern(providerDetails, commonProject, commonProjectVersion, List.of(component));
    ProcessedProviderMessage<ProjectMessage> input = new ProcessedProviderMessage<>(Set.of(1L), message);

    SimpleMessage summary = projectMessageSummarizer.summarize(input).getProviderMessage();
    printSimpleMessage(summary);

    // 14 details in total; the last 12 are the policies and vulnerabilities, sorted by type
    // and then by severity. The first two entries are not inspected here.
    assertEquals(14, summary.getDetails().size());
    List<LinkableItem> details = summary.getDetails();

    ComponentConcernSeverity[] mostSevereFirst = {
        ComponentConcernSeverity.BLOCKER,
        ComponentConcernSeverity.CRITICAL,
        ComponentConcernSeverity.MAJOR_HIGH,
        ComponentConcernSeverity.MINOR_MEDIUM,
        ComponentConcernSeverity.TRIVIAL_LOW,
        ComponentConcernSeverity.UNSPECIFIED_UNKNOWN
    };
    int firstPolicyIndex = 2;
    int firstVulnerabilityIndex = firstPolicyIndex + mostSevereFirst.length;

    for (int rank = 0; rank < mostSevereFirst.length; rank++) {
        String label = details.get(firstPolicyIndex + rank).getLabel();
        assertTrue(label.contains(mostSevereFirst[rank].getPolicyLabel()));
    }
    for (int rank = 0; rank < mostSevereFirst.length; rank++) {
        String label = details.get(firstVulnerabilityIndex + rank).getLabel();
        assertTrue(label.contains(mostSevereFirst[rank].getVulnerabilityLabel()));
    }
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.
the class ProjectMessageToIssueModelTransformerTest method convertToIssueModelsForPolicyTest.
/**
 * Checks that a project message holding a single policy concern is converted into exactly one
 * issue model whose policy details mirror the concern.
 *
 * <p>The name, operation and severity on the resulting policy details must equal those read
 * back from the concern itself.
 */
@Test
public void convertToIssueModelsForPolicyTest() {
    ComponentConcern concern = ComponentConcern.policy(ItemOperation.ADD, COMPONENT_POLICY_1.getPolicyName(), "https://policy");
    BomComponentDetails component = createBomComponentDetails(concern);
    ProjectMessage message = ProjectMessage.componentConcern(PROVIDER_DETAILS, PROJECT, PROJECT_VERSION, List.of(component));

    ProjectMessageToIssueModelTransformer transformer = new ProjectMessageToIssueModelTransformer();
    List<ProjectIssueModel> issueModels = transformer.convertToIssueModels(message);

    assertEquals(1, issueModels.size());
    ProjectIssueModel issueModel = issueModels.get(0);
    assertRequiredDetails(issueModel);

    // Assert presence first so a missing value fails with the descriptive message below.
    Optional<IssuePolicyDetails> maybePolicyDetails = issueModel.getPolicyDetails();
    assertTrue(maybePolicyDetails.isPresent(), "Expected policy details to be present");

    IssuePolicyDetails actual = maybePolicyDetails.get();
    assertEquals(concern.getName(), actual.getName());
    assertEquals(concern.getOperation(), actual.getOperation());
    assertEquals(concern.getSeverity(), actual.getSeverity());
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.
the class ProjectMessageToIssueModelTransformerTest method convertToIssueModelsForComponentUnknownVersionTest.
/**
 * Checks that an "unknown component version" concern is converted into exactly one issue model
 * carrying a single estimated-risk entry.
 *
 * <p>The concern is built with operation ADD, name "Component01", severity MAJOR_HIGH and the
 * number 2; the estimated-risk entry must report the same name and severity, a count of 2, and
 * a component version URL that is present. The URL's value is not compared.
 */
@Test
public void convertToIssueModelsForComponentUnknownVersionTest() {
    ComponentConcern concern = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component01", ComponentConcernSeverity.MAJOR_HIGH, 2, "https://synopsys.com");
    BomComponentDetails component = createBomComponentDetails(concern);
    ProjectMessage message = ProjectMessage.componentConcern(PROVIDER_DETAILS, PROJECT, PROJECT_VERSION, List.of(component));

    ProjectMessageToIssueModelTransformer transformer = new ProjectMessageToIssueModelTransformer();
    List<ProjectIssueModel> issueModels = transformer.convertToIssueModels(message);

    assertEquals(1, issueModels.size());
    ProjectIssueModel issueModel = issueModels.get(0);
    assertRequiredDetails(issueModel);

    // Assert presence first so a missing value fails with the descriptive message below.
    Optional<IssueComponentUnknownVersionDetails> maybeUnknownVersionDetails = issueModel.getComponentUnknownVersionDetails();
    assertTrue(maybeUnknownVersionDetails.isPresent(), "Expected unknown component details to be present");

    IssueComponentUnknownVersionDetails unknownVersionDetails = maybeUnknownVersionDetails.get();
    assertEquals(ItemOperation.ADD, unknownVersionDetails.getItemOperation());
    assertEquals(1, unknownVersionDetails.getEstimatedRiskModelList().size());

    IssueEstimatedRiskModel risk = unknownVersionDetails.getEstimatedRiskModelList().get(0);
    assertEquals(ComponentConcernSeverity.MAJOR_HIGH, risk.getSeverity());
    assertEquals("Component01", risk.getName());
    assertEquals(2, risk.getCount());
    assertTrue(risk.getComponentVersionUrl().isPresent());
}